May 8, 2011

US Congress scrambling to draft 'do not track' laws

Cecelia Kang, Washington Post

Saturday, May 7, 2011

(05-07) 04:00 PDT Washington --

Lawmakers said Friday they will introduce two "do not track" privacy bills that would allow people to block companies from following their activity on the Internet.

The proposals reflect Congress' growing focus on passing first-time privacy laws for all Internet users and updating children's privacy laws as more young people get on the Web through mobile devices.

Web firms generally oppose "do not track" rules, first recommended by the Federal Trade Commission, arguing that companies can create tools to help users manage tracking. Some firms, such as Microsoft and Mozilla, have come up with browser-based privacy controls without government mandates.

In the House, Reps. Edward Markey, D-Mass., and Joe Barton, R-Texas, issued a draft of a children's privacy bill, called the "Do Not Track Kids Act of 2011," which seeks to protect the youngest users from tailored marketing and from the risk of exposing personal information without parents' consent.

The bill specifies that the privacy rules would apply to mobile phone apps, an area unregulated by the federal government. It would require companies to get parental consent to collect location information from children 12 and younger. Teens would have to expressly agree to location collection.

Sen. Jay Rockefeller, D-W.Va., said he would introduce a bill covering all Internet users, making it illegal for websites and marketers to track anyone who had opted out of data collection. The measure would also require companies to destroy user information or make it anonymous once it is no longer useful. The FTC would be in charge of enforcement.

"I've asked for a waiver of Senate ethics rules so I can give Sen. Rockefeller a gift he really needs - an iPad," said Steve DelBianco, executive director of NetChoice, a trade group that represents Web firms including AOL, eBay and Expedia. "The senator can see for himself how interest tracking lets advertisers pay for all those free apps and Web services that regular Americans love to use."

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/05/06/MNTC1JD50U.DTL#ixzz1LnysO1QK

Internet privacy: At every turn, our privacy is compromised by technology


Internet users must be more aware of the dangers inherent in the services they us3
  • The Observer,
  • Article history
  • A pattern is emerging. A researcher discovers that a product or service offered by a large (generally US-based) company contains a security flaw or a feature that compromises the privacy of internet users. The revelations are confirmed by other experts across the internet. The company responsible then goes through a predictable series of steps: first, "no comment", followed by indignant denial, then a PR-spun "explanation" and, eventually, an apology of sorts plus a declaration that the bug will be fixed or the intrusive practice terminated.
    A recent example was Apple's extraordinary contortions over the discovery that its iPhone was covertly collecting location data and storing it in unencrypted form. But last week also saw the revelation that devices made by TomTom, the leading manufacturer of GPS navigation systems, had effectively been spying on Dutch users and that the aggregated data had been sold to the police in order to guide the location of speed traps.
    Before that, there were the revelations that Google's street-mapping camera cars were also collecting data on every domestic WiFi network they passed. On the web, many sites now deploy hidden "history sniffing" codes to find out what other sites a user has visited, webmail servers "read" every email that passes through them and social networking sites reveal every detail of some subscribers' tastes, activities and location.
    What these developments presage is a perfect storm of surveillance, orchestrated not by the state but by huge corporations. Meanwhile, information commissioners across Europe try to enforce data protection laws that were crafted in the mainframe era, long before the founders of Google, Facebook et al were born. Neelie Kroes, the European commissioner responsible for data protection, is determined to reform the law to make US-based companies respect the privacy of their European users. But her efforts are doomed unless those users wake up to the ways their privacy is undermined by the services and devices they use.

Who owns your location?

An open letter to handset platform companies, carriers, app makers and the government.

By Mike Elgan
April 30, 2011 06:30 AM ET
Computerworld - Dear Apple, Google, Microsoft, AT&T, Sprint, T-Mobile, Verizon, app makers, Congress and President Obama (or current resident):
Enough! We, the smartphone-using people of the United States, are being taken advantage of, stolen from and blackmailed. It's got to stop.
The smartphones we carry have four ways to know where we are: GPS, Wi-Fi proximity, cell-tower triangulation and user check-in via services like FourSquare.
This "location data" -- information that the phone gathers about where the phone is at any given time -- has monetary value, as well as priceless social value.
In other words, there's money to be made from knowledge about where each of us is at any given moment. A lot of money. That data can be converted into contextual advertising revenue, used to create compelling new services or improve the value of existing products.
As a society, we have not fully vetted this issue. The question over who owns this data has not been resolved.
In the absence of this conversation, various companies have rushed into the void to stake their claims. Each of them asserts the right to capture, transmit, own, use, manipulate, sell or otherwise monetize what is not rightly theirs: my location, and the location of every smartphone user.
Apple has been storing general location data in an unencrypted file on iPhones. The company said the long-term storage of that data was a mistake that it has now fixed. Apple also said it plans to use phone location data to build a traffic service. By pooling information about the speed of drivers, the system the company envisions could detect traffic jams.
Google, Microsoft and others do the same thing. Google's Android operating system doesn't simply store the data on the phone; it transmits it back to Google servers. Android devices also collect GPS data and each phone's unique ID number.
One reason cell-phone operating systems collect this data is to improve cell-phone service. A phone can more quickly access cell tower or Wi-Fi service by referencing a local file, rather than launching a new search to see what connection options are out there each time. This capturing of location data improves the quality of the user experience, which gives handset makers an advantage in the market and helps them sell more phones -- Apple reported $12.3 billion in second-quarter sales of its iPhone alone.
Another reason is that location data can be used to offer services and location-based advertising. In other words, it can (and will) be monetized.
All of the major carriers, including AT&T, Sprint, T-Mobile and Verizon, collect customer location data and then sell the information in bulk to companies that can use it. The carriers told Congress this week that they ask user permission before doing this.
I don't recall being asked. Do you?
Many app makers routinely gather location data and often collect personal information from the phone to go with it -- information like your home ZIP code and your gender. Apps can do this without user knowledge or permission. In many cases, it's not clear how this information is being used, or whether it's being sold to third parties.
We suddenly find ourselves in a world where handset platform makers, carriers and app makers all claim ownership of our locations.
Nobody planned it this way. We've slouched into this state of affairs one step at a time while nobody was paying attention.

End the blackmail

Apple, Google and Microsoft all have an outrageous answer to the question of user control over location data: You can stop your location from being logged and shared by turning off location services in the settings.
In other words, they're saying that if you don't give them information about where you are, they're not going to let you use the GPS capability on your own phone.
Another word for that is blackmail.
Imagine if other cell-phone features worked that way. "If you don't let us download your contact database so we can make money from it, we won't let you use the Contacts app." Or: "If you don't let us capture the phone numbers you dial for our phone-spam database, we won't let you use your smartphone to make calls."
This is unacceptable. We paid for the GPS features in our phones. And we paid for the GPS satellite system with our tax dollars.
That mobile platform makers would disable the use of our own GPS gear and block us from using our own GPS satellite system unless we let them make money off of our location data ... well, that should be illegal.
But because all of the major handset makers offer the same deal, there's no way for user choice to have any effect. Market forces can't correct the problem, because everyone in the market is fleecing users in the same way.
We, the people, demand the equivalent of an "Airplane Mode" for location sharing. We should be able to access a conveniently placed switch that turns off the ability of anyone other than ourselves to use our location data, while keeping the GPS and other location-gathering services functioning for our own use.
Second, we demand that mobile operating system makers take responsibility for giving users control over location sharing by apps. There should be an easily accessible control that shows us who's gathering what information from our phones, with an easy way to say no.
Platform developers like Apple, Google and Microsoft want it both ways. They want a huge chunk of the revenue from app sales, but when those apps violate our privacy they're suddenly not involved in the transaction.
Apple takes one-third of the revenue for iOS apps. And it "protects" us from naked people, unsavory content and other non-existent threats. Why isn't it protecting us from predatory app makers?
And finally, we demand that basic location data that is not associated with individual phones -- useful for identifying crowd movements that could indicate traffic jams, and for many other purposes -- be collected centrally and made public and usable by anyone and everyone. Why should we roll over just because Apple or Google or AT&T claims to own this information? Information about the location of everybody belongs to everybody. It's like the "airwaves" or the National Park System.
Yes, our location data is valuable. But that doesn't mean you can just take it from us.
Mike Elgan writes about technology and tech culture. Contact and learn more about Mike at Elgan.com, or subscribe to his free e-mail newsletter, Mike's List.

Apr 11, 2011

Stop acting like a startup, Google

The company lacks the discipline and forethought to control its own strength, and its mistakes have far-reaching consequences

Stop acting like a startup, Google
If Google were a literary character, it would be Lenny from John Steinbeck's "Of Mice and Men." Lenny is a mountain of a man and a tireless, impressive worker with a heart of gold. He's always intent on doing the right thing (that is, "doing no evil"). Unfortunately, he lacks discipline and forethought. Unable to control his own strength, he leaves a wake of destruction in his path -- scaring women, hurting men, killing small animals, and ultimately murdering a young woman. As a result, he and his companion are frequently on the lam and losing jobs. Ultimately, his inability to control his own strength leads to his own undoing.
Similarly, Google is a technological powerhouse, capable of going toe to toe with some of most prominent tech companies on the planet. Much of its success can be attributed to the company's startup-like culture, in which employees are empowered and urged to try new things, seemingly less fettered by red tape than you might find at companies like Oracle or IBM.
The trade-off, though, appears to be insufficient internal checks and balances to prevent the powerhouse that is Google from inadvertently doing damage to its customers, its partners, and itself as it wields its might.
The latest example of Google's accidentally causing some damage -- this time, directly to itself -- is the company wrongly asserting in various forums, including court filings, that its Google Apps for Government suite is FISMA certified. Google will tell you that from a technical standpoint, Google Apps for Government indeed meets FISMA certification in that it's built on Google Apps, which is FISMA certified. Google has also said it has taken steps to make the government-tailored suite even more secure and government-friendly.
The problem, though, is that Google Apps for Document is not officially FISMA certified, arguably a bureaucratic fine point that could be rectified once the paperwork goes through the proper channels. Unfortunately, though, Google seemingly lacked the patience or the discipline to hold off making its claim. Some sort of internal check and balance procedure -- say, an internal requirement to see proof of certification before it can be touted on the Google website, in a Googe blog, in Google marketing materials, or in any other format -- might have kept Google from facing this little PR nightmare.
Worse yet, if this sort of mistake can slip through the cracks, can a potential Google client feel fully confident that the company's other claims are accurate? This mishap, innocent and accidental as it may have been, saps Google's credibility.
This isn't the first instance of Google making a mistake that might have been caught by a more disciplined company that better grasped the ramifications of its actions. For example, remember the uproar Google caused after it collected chunks of user Wi-Fi data around the world as it gathered images for Google Maps? The company claimed ignorance and mortification and apologized profusely for the oversight, but critics would still like to know how the company could have allowed for that to happen in the first place. Some kind of check and balance -- periodic analysis of what's sitting in its vast stores of data, perhaps -- might have prevented the various investigations and lawsuits, not to mention and the drop in faith in Google.
Then there was the whole Buzz debacle: Google introduced a social blogging network and offered Gmail users the option of joining or just going to their email instead upon login. Those that choose to go to their email, thinking it meant they were opting out of Buzz, were still added to the network, resulting in some of their personal info falling into the hands of undesirable recipients, such as exes, employers, and the like. Google recently settled with the FTC to prevent this sort of incident from happening again, agreeing to adopt a comprehensive privacy program. A more disciplined company would arguably already have had a comprehensive privacy program in place that would have prevented the Buzz mess in the first place.
The bottom line here is that Google is no longer a startup company whose mistakes have no significant ramifications. Rather, it's a major player in the world of IT. Business and consumers worldwide rely on its services and products as they go about their daily lives, entrusting the company to protect their data. But Google is demonstrating over and over that perhaps it lacks the discipline to be a trusted business partner. If the company is accidentally grabbing Wi-Fi data as it collects images, what else is it accidentally collecting? If the company is accidentally forcing users into joining a new service, where else is it exposing user data? If the company is incorrectly making claims about the certifications of its software, what else is it overlooking as it tells customers about the security of its products?
This story, "Stop acting like a startup, Google," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Oct 24, 2010

Google Says Whole Emails and Passwords Gathered By Street View Cars

Original story can be find at : 
http://online.wsj.com/article/BT-CO-20101022-714690.html?mod=WSJ_latestheadlines 
By Scott Morrison and Andrew Morse   Of DOW JONES NEWSWIRES 
 
SAN FRANCISCO (Dow Jones)--Google Inc. (GOOG) acknowledged Friday the cars its uses to collect data for its online mapping service had inadvertently gathered entire emails and passwords, a disclosure that prompted the Internet giant to appoint a privacy chief and tighten its policies.
The Mountain View, Calif.-based Internet search giant said it wanted to delete the information as quickly as possible. It also announced several steps its would take to improve its internal privacy and security practices, including the appointment of Alma Whitten, who specializes in computer security, as director of privacy for both engineering and products.
The development comes as Google faces heightened regulatory scrutiny around the world prompted by revelations in May that its cars had collected personal data from unsecured wireless networks while taking photos for its Street View mapping service. Google initially said the data was fragmentary, but external reviews discovered that some of the data was more complete than expected.
"A number of external regulators have inspected the data as part of their investigations," Alan Eustace, a senior vice president in charge of engineering and research, said in a blog post. "It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords."
Google's admission came just days after Canada's Privacy Commissioner said the company violated the privacy of perhaps thousands of Canadians when it captured sometimes highly sensitive personal information such as complete emails, email usernames and passwords, and even information about certain Canadians' medical conditions.
"Canada has played an important role in blowing the digital whistle," said Jeffrey Chester, Executive Director of the Center for Digital Democracy.
Privacy groups have increasingly become concerned by the amount of data companies collect on consumers as they use the Internet. Google Buzz, a social networking project, quickly became the target of complaints when user information was revealed more broadly than anticipated.
Social network Facebook Inc.'s privacy policies have also been scrutinized.
Eustace said Google would enhance training on the proper collection and use of data for its engineering, product management and legal groups. In December, all employees will be required to take a new information awareness program.
Google said the data collection was caused by the accidental inclusion of coding from an experimental project.
On Friday, Google shares were little changed at $612.53.
-By Scott Morrison and Andrew Morse, Dow Jones Newswires; 415-765-6118; scott.morrison@dowjones.com

Oct 15, 2010

Chrome browser - passwords one click away

          2008 was the year when Google decided to release it's first browser. Good news for Google's fans: the browser brings simplicity, speed and innovation in the browsers market. What Google  didn't manage, is to offer their users the minimal tool to protect their privacy : a master-password. In the flowing lines I will copy some pros-cons posts from Chrome's project page located at : http://code.google.com/p/chromium/issues/ . This issue was reported by users from 2008 , that is the release year and Google didn't make no step listening to it's users until now.

Passwords one click away for anyone who access your Chrome browser.

          Strangely the issue is buried very deep in the project web-page as moderators are moving the issue from one part to the other making it difficult for users to follow and see the real importance of the issue. Here is the observation of  the user *grinapo:
Btw this issue _was_closed_.Merged into Issue 1397 which was closed; and merged into Issue 812 which is "profile/login support", so I guess master password request was buried deep. 
          Here are some links where the problem is debated :
  http://code.google.com/p/chromium/issues/detail?id=812 
  http://code.google.com/p/chromium/issues/detail?id=1397
  http://code.google.com/p/chromium/issues/detail?id=27971
  http://code.google.com/p/chromium/issues/detail?id=53

 
       Google's official position can be found here :  http://www.google.com/support/forum/p/Chrome/thread?tid=5f249c4fa04ecd17&hl=en

          The reason of the blog is to bring awareness on this issue of security deficiency and to make a pool that will gather statistics about the relevance of the issue in the real world.

          As for me I really like Google Chrome but I continue to use Firefox because of two important features : master-password and Mozilla Weave (which is off topic and I will not elaborate).



An very interesting post about this issue can also be found here http://lwn.net/Articles/388309/
Master passwords for browsers provide a measure of security against some common, if weak, attack vectors. Firefox has had master passwords for some time, but Google's Chrome browser does not, nor does it seem to have any kind of priority to be added. That makes some users rather unhappy, to the point of saying that they won't use the browser until it is implemented. Google's position seems to be that master passwords only provide an illusion of security, but that is an oversimplification.
The idea behind a master password is to protect the credentials (username and password) for accessing web sites that are stored by the browser. The master password is required to unlock (really decrypt) the credential storage before the browser can auto-fill login forms. Without a master password, Firefox stores credential information unencrypted on the disk. Chrome does encrypt the credentials using the user's session information—but only on Windows—for Linux it stores them unencrypted.
As Jamie Strandboge describes in a blog posting, it is trivial to extract the credentials stored by Chrome on Linux in a SQLite database file. A bug filed against Chrome in September 2008 requests adding a master password, and, while it has seen many comments, it has also seen little action on the part of the Chrome developers. For Linux users, it is pretty clear that leaving an unencrypted version of all stored passwords on the disk is a security hole; it definitely requires access to the data, either on the machine itself or elsewhere—like a network share or backup of the home directory. Ways to get that access aren't very hard to envision. Since the data is encrypted on Windows, the picture there is a little murkier.
It is certainly true that anyone who gets physical access to your machine can do an amazing amount of harm to it if they want to. But it is also true that many people allow their computer to be used by others to do a quick search or check email. Those uses are typically short in duration and are "semi-supervised" in the sense that the owner is often around and might very well notice someone installing a keylogger or running some kind of password cracker. What may escape notice is someone using the browser interface in fairly standard ways—to look at stored passwords for example.
The answer, according to Chrome developer Peter Kasting is to "lock your desktop (it's two keys!) or close Chrome" if you don't trust those with physical access. Essentially, because of the way Chrome is implemented, there is no secure way to allow someone to use your open browser session—or even to start a new one for them to use. With Firefox, one can start a new browser and not provide the master password (or just log out of the "Software Security Device"), which will allow semi-untrusted users to jump on and do a quick Google—or check Gmail.
Given the sensitivity of stored passwords—though many sensitive web sites, like banks and brokerages, have started disallowing credential storage—a master password protecting them gives users a sense of protection. It may well be that the average user overestimates the amount of protection that a master password provides, but that doesn't mean it provides no protection. There is certainly a big difference between a sophisticated hacker willing to risk jail time by installing a keylogger and a "friend" who thinks it would be funny to update your Facebook status for you. The latter is likely to be thwarted by a master password.
It is a bit hard to understand why the Chrome developers are so unwilling to consider adding the feature. It shouldn't be particularly difficult in a technical sense. The "UI complexity" argument rings a little hollow. The lack of any way to get password encryption on Linux just seems like a bug that needs to be fixed, though there isn't any real indication that it will be. Maybe someone in the community needs to take a crack at it—it is, after all, free software.




* pro * - maxthelene 02.09.2008
What I had in mind is something like what Firefox has. It is an option to set a master password for the browser so that private things are protected. It could be used in a variety of ways, but the one that is most important to me is that when you click "show passwords" in the stored passwords menu you should be prompted to enter the master password for the browser. That way if I let my little sister check her email on my computer she can use my browser, but she can't see the stored password for my facebook account so she can play a joke on me. It is basically a way of validating my identity during a console session. - to make it better it could prompt you for it after a period of inactivity or give you the option to go-un-priveleged.

* pro * - leslie 02.09.2008

Yeah, this is a potential security flaw (for example, allowing someone else to use your browser, they can view all saved passwords from 'Options' -> 'Show Saved Passwords') 

* pro * - ptas... 02.09.2008

You have my vote on this feature. Not having this is a significant security flaw. The way it's implemented in Firefox would suffice, with the addition of Jessome's suggestion that "the entire 'stored passwords' menu should itself be password protected".

* pro * - spadgos 03.09.2008

I'll also add this: This should totally be added, similar to how Firefox has done it. Leaving it off by default is fine, it would just annoy those people who don't care - those who do care will take the 3 seconds to find how to turn it on. One thing which *must* be different to how Firefox has implemented this is how it prompts you for the master password. FFx shows a prompt which steals focus and will continue to return on subsequent pages even if it had been canceled previously. As maxthelen said in Comment #2, this feature works well if you want to let a kid sister use your computer without letting them get into all your accounts - the way Firefox does this, it makes browsing *really* annoying for the kid sister, so much so that I had to create a new Firefox profile with the master password turned off.

= con = - pkasting 03.09.2008

Working as intended. There has been much internal debate about this issue in the past which I will not reiterate here, except to summarize. Master passwords as implemented in other browsers provide more of an illusion of security than actual security. They also inconvenience users. Chrome uses the Windows crypto routines to encrypt local passwords, giving you some protection against remote data theft; for local data theft a master password wouldn't help. Eventually this need can be fulfilled in other ways that we have design ideas for.

* pro * - reneluckwo 03.09.2008

It does, however, protect my passwords in a way that let's regular users use my computer without getting access to my passwords, cookies, etc. I imagine it would be easy to implement for you due to the clever way you've build the browser :) This is the one thing keeping me with FireFox.

* pro * - smsoko 03.09.2008

I would reiterate what reneluckow says. While pkast is correct that the master password only gives an "illusion of security" I think he misses the point entirely. pkast is saying that the passwrods use windows crypto while stored which is wonderful but all a hacker has to do is sit at the workstation (or via remote access) launch chrome and select show password from the options menu. Isn't that like encrypting your entire hard drive with multiple levels of security...then leaving a post-it note on the screen with all the password info?
* pro * - sam.derbyshire 03.09.2008

I do think this should be added at least as an option like it is in Firefox, you click the "add master password". That way it would not inconvenience anyone. I agree that it does not give a huge load of a security, but being able to see other people's passwords if using their browser in a click of a button is just wrong. I really think this feature should be added.
* pro * - Shareof Vulcan 04.09.2008

At my office, the IT department has _all_ passwords. This allows me to keep my personal passwords safe on my work computer. Please, _please_ reconsider this decision.
* pro * - simplymtb 05.09.2008

I also posted this "problem" so i agree. This means that anyone who can acces my PC when i forget to lock it can see all my passwords. I was stunned that this option was so easy to see. So PLEASE put in a Master Password cause these kind of things make this program look bad
* pro * - guillaumeflipo 05.09.2008

We indeed need a Master Password over the recorded passwords !Everyone can come and open your Chrome, and get all your passwords ! Absurd !
* pro * - sfjacobs 05.09.2008

Inconvenience them how? The whole discussion is focused on avoiding others being able to see your stored passwords. What sort of security are you talking about? If you are not able to see them and "Chrome uses the Windows crypto routines to encrypt local passwords, giving you some protection against remote data theft" (comment 13), what other security are you looking for? This would address the security concern that you voiced over others seeing your passwords (thus adding an equivalent amount of security to a master password in that context). It would not address the concern over others using your saved passwords, but as the discussion above indicates, Google is more willing to live with that over the inconvenience of typing in a master password.
* pro * - maxthelen 05.09.2008

If you click the little wrench in the upper corner and then click options and then select the Minor Tweaks tab and then click "show saved passwords" it takes you t a menu with all the sites you have passwords stored for. If you highlight a site you can then click the "show password" button and it prints the password right beneath the button in the gray. Not only can anyone who is borrowing your computer to use the internet use your saved passwords, but anyone with even a little experience with web browsers can learn exactly what your password is just by asking the browser, it could be 512 billion bit NSA encryption - it doesn't matter, the browser just hands it out to whoever asks from the console.
* pro * - shmuelp 05.08.2009

Even if the passwords are encrypted when stored on disk (comment #13), if Chromium can decrypt them without user input, then so can other programs. At the very least, malware running when a person is logged in could decrypt and read them. For me, that's the main reason I want a master password option.
= con = - erikheemskerk 26.09.2008

In response to comment 24; if someone borrows your computer, do you let them use your user account? If so, well there's your problem! Having a master password is 'security through obscurity'. Plus, it degrades usability. I already have to convince Windows I am who I say I am, why would I also have to convince my browser?
* pro *  - maxthelen 26.09.2008

I run XP and I hate fast user switching because its a resource consumer with little practical benefit for me. So, I have it off - which, of course, means that if I log off it closes everything I have running, making your resolution very impractical. I'm not letting strangers use my computer, just friends who need to check their email real quickly. 'Security through obscurity' is a very legitimate method for preventing people you trust from getting information that they just don't need to know. Example: If your online banking gets jacked with its not a good situation to have a friend as a suspect because you know they had unrestricted access to the password. As far as degrading usability there are different methods for requiring the password that are non-obtrusive. I will suffice to say that the title of this thread is "No Master Password OPTION" ;) thanks
* pro * drew.stnoebraker 06.10.2008


I am very surprised this feature has been denied. Pkasting's explanation does not address the concern, and therefore leads me to believe that the need has been misunderstood. Even if there are ways around it... master passwords provide significant security against guest users easily or accidentally obtaining an owner's passwords, and therefore access to the owner's website accounts (e.g. online shopping, email, etc.)... even website for which passwords are not stored, if the owner/user reuses passwords. It is only the lack of a master password that offers any inconvenience to users... as long as the master password is off by default (as it is and should be in firefox), users who don't want it never notice it.. but without the option users who do feel the need for it are highly inconvenienced by being forced to not store passwords, or to use a browser that has this feature. 2 things to improve upon firefox's feature: in firefox, there are only 2 options: on or off. When it is on, it requests a master password 3 times before opening a firefox session (perhaps because I have 3 home page tabs with stored passwords.. but this is a bug and needs to be fixed), and causes a major slow-down of the computer, even though it does not seem to be using up resources. However, it would be nice to have a second option, where the master password is not needed to use websites with sotred passwords... only to view the stored passwords.
* pro * - jspeavey 29.10.2008

Until this issue is addressed, I will not be using chrome nor will I allow it to be used in my company. For those arguing that this is just 'security through obscurity' you are fundamentally wrong and are truly missing the point. Someone having access to my Windows account, for whatever reason, should not mean that they should get simple and unauthenticated access to *every password on every system that I save in chrome* and also get the ability to see/copy them for their own use.

This is just too easy a target for too large a risk with too easy a solution:

1) allow the setting of a master password that is used to encrypt the password store.

2) Allow the user the ability to set the time period before re-requiring authentication to the password store. and
         3) Absolutely always require re-authentication to the password store when the   user requests to see the passwords.

* pro * - opodaniel 20.06.2009

I like chrome because it is simple and quick but I won't use it until it have a master password. Let's face it, in this days you need password for a lot of places, you cannot just read news, we have forums of discussion, different mailboxes, maybe some places where we buy stuff. Not having any protection for the passwords is really not a good idea. Any vulnerability in OS can be exploited by some hackers and collect millions of user passwords, because they know where the file with passwords are located on computer. Let's make their job a little harder, not give them our privacy on silver plate.
* pro * gerardc 09.10.2009

Details of the encryption used by Firefox when a master password is specified: http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html

> pkasting
> Working as intended. There has been much internal debate about this issue in the past Clearly not enough if things were left in this situation.

> Master passwords as implemented in other browsers provide more of an illusion of security than actual security.

       Well sure if you don't point out what this illusion is then nobody can tell you where you're logic is going completely wrong. You can crack 3DES in CBC mode can you? Perhaps it is your use of the feature that leads to an "illusion of security than actual security".

> They also inconvenience users.

Yep, more security == more inconvenience. That's the way it's always been and always will be. Not a good reason to be insecure.

> Chrome uses the Windows crypto routines to encrypt local passwords, giving you some protection against remote data theft;

Talk about "illusion of security"!

> for local data theft a master password wouldn't help.

Again, you can crack 3DES in CBC mode? I know I can't, but I can certainly grab all of my coworker's Chrome passwords.

> Eventually this need can be fulfilled in other ways that we have design ideas for.

Great, so the browser has been out for how long now without any good way for users to encrypt the passwords that are saved to it?
* pro * - grinapo 17.02.2010

I wonder whether everyone's deaf and blind regarding this issue. I do not see (but I confess I didn't read all linked discussions since they seem to reiterate things already said) whether anyone really considered this. Let me tell you how my machines work. Firefox. Passwords are encrypted with master. Timeout is 5 minutes from the last password input. When master pw times out you need to enter it again for _anything_ using sensitive information, even to see what sites I have saved passwords for. So, basically Bob has *2.5 minutes* on average if I forget to exit the browser to get my passwords. After that, either he cracks the password, tries to get it form the machine (which could or could not be feasible with no root access) or beats me to tell it. I see no other way for him to get at my passwords, saved forms or anything master pw protected. Opera implements similar master pw timeout. I fail to see how this could be an illusion. Using proper pw input, proper encryption and timed out master pw this protects private data. Correct me if I'm wrong, please. Thank you. If you can't this should be a security related wish and ought to block release. IMO.
* pro * - grinapo 28.02.2010

Comment 45: the problem isn't that this doesn't bother _many_ of us, but that there is a philosophical debate about it's merit, where the opponents usually omit every fact which would contradict their opinion. :-) Until the debate is ongoing it seems nobody want to start to implement anything. By the way those who think master passwords cannot work have ever checked FireFox's FIPS grade mode? It uses master password and magically still possess this government grade certification. (Obviously it means a bit even more strict pw expiration and usage, we do not need to be THAT strict, but it shows the feasibility and security of the feature implemented.) But I don't believe even this would convince the "opposite side" commenters.

Btw this issue _was_closed_.Merged into Issue 1397 which was closed; and merged into Issue 812 which is "profile/login support", so I guess master password request was buried deep.

* pro* - nonoitall 07.04.2010

I agree this issue needs fixing. A master password isn't an "illusion of security" at all. grinapo hit the nail on the head. Without a master password, if my laptop gets stolen or someone goes snooping on it when I'm not around, my passwords are an open book. It wouldn't even take a particularly tech savvy person to get at them. With a master password, the only way someone can access my passwords is (1) if my master password has already been entered (and hasn't expired), (2) by coercing me or (3) by brute force. As long as I own a laptop, I will never use Chrome until this issue is resolved.
* pro * - opodaniel 21.04.2010
I think a blog should be created regarding this issue since Pkasting is erasing a lot of good and full of reason posts. I like Google a lot, but lately some of the employee's action make me take distance. I also am in China right now, so it won't be so hard :)

*-*gerardc
@opodaniel Can you provide some evidence that entries have been deleted? One of the posts that was here earlier but has since been removed should suffice. I imagine you have been recieving email coppies of all posts in the same way I have, so it should be pretty easy to point to an entry that has been deleted without good cause.

*.*opodaniel
No, I don't have those mails because I have unsubscribed from this issue. I am a happy Firefox user, with no pretension from Chrome until this issue is solved. This bring me to another strange issue which is off-topic, but I should answer to your question. I asked before what should I do in order to stop receiving mails with this issue ( because is easy to see that in 2 years time nothing have been done - so there's no point to see people asking for master-pass and developers tell them that windows provide enough protection). I think it was Pkasting who tell me how to do it.. but strangely each time they merge issue's I start receiving the mails and have to unsubscribe from something that I didn't subscribe in the first place, or that I have Already Unsubscribed. The idea is that I've already read this topic several times, and I think that maybe while merging issues, some posts were lost or moved.. who knows.. From my point of view there should be a lot more posts.I have no evidence whatsoever.

Anyway I think a blog where people could express their opinion with possibility to vote would be a good idea. Google would see what people think about this very important issue. There are two questions to be answer by each one of us:

- While Chrome is a product of Google , and is free, why should Google listen to the users? Look at Apple how well it does and how much profit it makes :).

- If Google is not listening, and there are such good alternatives out there.. why should we loose time to help improve? After all.. all products of Google while being free (Google search engine, Google docs, gmail, etc..), are indexed by Google which help them improve the Google Ad-Sense and Ad-Word money making machine. So nothing is really free in life.. except life of-course.

* pro * clr... 05.06.2010
Chrome it's my default browser, but, sadly, I still have to use Firefox to store my passwords. When will this change? This feature it's the last one missing to the retirement of my Firefox.

* pro * sebdanger2 23.06.2010

I agree with cmsoko and grinapo, this issue should be fixed, having a master password is very useful (especially as when you try and view your stored passwords in FireFox you have to reenter it), and yes it is a slight inconvenience to users (less so if you don't close chrome and just hibernate or suspend your PC) but not letting Chrome store any passwords (so know one can see them) is even more of a inconvenience! Please Google sort this out it really can't be that difficult (um... maybe I should have a look at the chromium code and implement it myself!)

* pro * nghtvsion 24.06.2010

ok tl;dr past the halfway point, but i saw no one touch on this point, which differs entirely from the "everybody being able to see your passwords if they want" angle; when i set chrome to save a password, it's saved, right? teh next time i visit that site, the password is pre-filled for me. OR FOR ANYONE ELSE WHO VISITS THAT SITE ON MY BROWSER. with ff, true - if you cancel the enter master password prompt, it comes back. boo hoo for the poor soul at my house, having to use my internet and clicking "cancel" three or four times. which do i care more about, the fact that my friend has to use his click finger a little more than necessary, or the fact that he can get into my facebook, bank, email account, etc just by visiting the site? this issue is keeping me with firefox as well.
* pro * antoine.ody 20.07.2010


I totally agree with nghtvsion. This ISSUE is also keeping me with firefox. Example: my laptop has it's HD encrypted, is password protected, and would log you out after 5 minutes of inactivity. Still, I find useful to be able to let someone use it and walk away, without him beeing able to access all my login-protected websites.
* pro * gerardong 23.09.2010

Good to know it is fine with MacOS. Wondering what is doing IE on this issue? They use Crypto API and they don't show saved passwords on IE preferencies. And i really think that doing that it's JUST FINE. It will take a lot more time to download and execute a cracking tool, rather than clicking on preferences->Show Passwords. If the developers think they are making it clear that the "save password" is not secure by adding the "show pass" button (instead of putting a warning), then you should know that YOU ARE WRONG. You should REMOVE THE BUTTON and add a warning. Because people save passwords anyway no matter how insecure it is! If you are a chrome user, you fall in the following categories:

a) You don't know how insecure it is to save a password => so, you use it.

b) You know how insecure it is, but dont care. => so you use it anyway.

c) You know, and dont use it.
In cases a and b, removing the button (and warn them how insecure it is) will somewhat help them from password stealing from "non-technical users". And that is what we want, and what IE does. We don't care there are a billion cracking tools to steal passwords cause we hope our antivirus will prevent them from running.
* pro * jwilliamwilox 11.11.2010

DON'T BE EVIL Just give us what we are asking for. Most of us are even asking nicely, suppressing our urge to just blurt out what we're really thinking, which would sound something like "What the H-E-double-HockeySticks could they be THINKING?!?!" Resistance to such a benign request make me wonder if we should audit CHROME code. Do _their_ servers have access to our saved passwords? AND . . . is this some of the first anecdotal evidence that the Google-is-positioning-itself-to-one-day-take-over-the-world conspiracy theory might actually have merit? (How can you not SEE it?! They even have cars that DRIVE THEMSELVES!!!) Please, Google. You have the power to stop the wild speculation. A shroud of doubt and fear is settling upon us. Make it stop. Just add the feature already. It's not that big of a deal.
* pro *djdaddp 14.11.2010
I am amazed that this is still getting push-back from Google and it is why I am using Firefox and will migrate to Firefox on my Android as soon as it's stable. Having support for "other password managers" is a kludge. With Firefox my encrypted passwords are automatically synced to every PC I use (and soon to Android). It's easy and I still have local control on each PC. This is not an issue of evil people remotely stealing my passwords - if that were the case, I would have no problem with Chrome. This is an issue of me being able to share a computer with my son and not allowing him to access my passwords.

 What is your Opinion on this issue? Is it a true issue, is it false problem? Do you use Chrome and if so do you store your passwords knowing that any person who use your computer can see them?

Oct 14, 2010

France wants a charter to guarantee the right to oblivion of their Internet users. Google didn't sing .... yet.

C’est un hasard, mais il tombe on ne peut mieux. Le jour où sort sur les écrans français The Social Network, le film de David Fincher consacré à la naissance de Facebook, le secrétariat d’Etat au Développement numérique signe une charte du droit à l’oubli avec plusieurs réseaux sociaux et moteurs de recherche.
C’est le deuxième document de ce genre que Nathalie Kosciusko-Morizet soumet aux acteurs du Web français. La première charte, signée en début de mois, encadrait l’utilisation des données personnelles dans la cadre de la publicité ciblée. « Cette fois, cela concerne les informations que l’on poste de manière volontaire et que l’on voudrait un jour voir disparaître », explique la secrétaire d’Etat.
Microsoft, Pages jaunes, Trombi.com, Skyrock (en tant qu'hébergeur des Skyblogs), Viadeo, Copains d’avant ont répondu à l’appel. Et Google ? Et Facebook ? Ils auraient été « proches de signer », assure la secrétaire d’Etat, mais pour des raisons juridiques et d’organisation interne, il va falloir attendre encore un peu.
L’idée de cette charte est d’éviter d’avoir à travailler à une nouvelle loi et de préciser les principes énoncés dans les lois existantes. « Il y a déjà beaucoup de choses dans la loi de 1978 sur l’informatique et les libertés. Le droit d’accès, le droit de modification, le droit d’opposition… On avait plutôt besoin d’une traduction concrète de ces grands principes », continue Nathalie Kosciusko-Morizet.

Contact obligatoire

Le document, d’une demi-douzaine de pages (à télécharger ici, en PDF, sur le site du secrétariat d'Etat), stipule par exemple que les signataires proposeront dès la page d’accueil un lien exposant la politique de conservation de données du site : quelles données sont collectées, combien de temps, pour quoi faire, comment régler les paramètres de confidentialité, comment faire valoir son droit d’opposition, quels sont les droits des utilisateurs, etc.
Les moteurs de recherche, plus particulièrement, « s’engagent à procéder dans les meilleurs délais à la mise à jour des caches quand une modification leur est signalée, et à leur vidage lorsqu’un contenu est désindexé ». Mais si Google ne signe pas, vu le poids de ce moteur de recherche, la portée de cette disposition risque d'être assez faible.
La charte demande la mise en place d’une série d’outils pratiques pour faciliter la vie de l’internaute. Notamment lui permettre de voir l’ensemble des données qu’il a fournies au site et de supprimer facilement son compte ou des informations. Les sites sont tenus de fournir un contact par lequel les internautes peuvent passer pour demander des modifications, y compris ceux qui ne seraient pas membres du site mais qui sont mentionnés dans les pages (notamment par leur présence sur des photos).
La secrétaire d’Etat a également tenu à aborder un sujet « sensible », de son propre aveu, celui du transfert de données personnelles d’un site à l’autre. La charte impose de demander son consentement à l’utilisateur et à l’informer lorsque ses informations sont transmises hors de l’Union européenne. « Actuellement, c’est loin d’être le cas », assure la secrétaire d’Etat.
 If you like french, here is the full story : http://www.01net.com/www.01net.com/editorial/522206/une-charte-pour-garantir-le-droit-a-l-oubli-des-internautes/?r=/rss/actus.xml

Here is the translation via Google Translate ( funny no?... who said Google is 100% pure evil ? LOL)
  It's a chance, but the odds can not be better. The day of the release on the French screens of the movie The Social Network (movie devoted to the birth of Facebook) the French Secretary of State for Development signed a charter of digital rights to oblivion with several social networks and search engines.
  This is the second such document that Nathalie Kosciusko-Morizet submit to French Web players.  The first charter, signed earlier this month, framed the use of personal data in the context of targeted advertising . "This time it concerns information that we post on a voluntary basis and that we would ever want to see disappear, "said Secretary of State.
  Microsoft, Yellow Pages, Trombi.com, Skyrock (as host of Skyblogs), Viadeo, Buddies before responding to the call. And Google ?   And Facebook? They were "close to signing," says Secretary of State, but for legal reasons and internal organization, it will have to wait a little longer.
   The idea of this charter is to avoid having to work on a new Act and clarify the principles contained in existing laws. "There are already many things in the 1978 Law on Informatics and Freedoms.  The right of access, the right of amendment, the right to object ... We had rather need a concrete translation of these principles, "continued Nathalie Kosciusko-Morizet.

  Contact mandatory

  The document, a half-dozen pages ( download here in PDF on the website of the Secretary of State), for example, stipulates that signatories will offer the home page a link explaining the conservation policy site data: what data are collected, how long, what for, how to adjust the privacy settings, how to assert his right to object, what are the rights of users, etc..
  Search engines, in particular, "undertake to proceed promptly to update their cache when a change is reported, and dump them when content is de-indexed.   But if Google does not sign, given the weight of this search engine, the scope of this provision might be quite low.
  The charter calls for the establishment of a series of practical tools to make life easier for the user, allowing him to see all the data he provided to the site and easily delete their account or information.  Sites are required to provide a contact through which users can go to ask for changes, including those who are not members of the site but who are mentioned in the pages (including their presence in photographs).
  Secretary of State was also keen to talk about something "sensitive" by his own admission, the transfer of personal data from one site to another.  The charter requires the consent request to the user to know when their information is shared outside the European Union. "Currently, it is far from being the case," says Secretary of State.